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REMARKS 

|pon entry of this Response, claims 1-3, 5-10. 12-18, and 20-23 remain pending 
in |ie p esent patent application. Claims 4, 11, and 19 have been canceled herein. No 
anr endnents are presented herein, where the claims are listed for the sake of 
coi iven ence. Applicants respectfully request reconsideration of the pending claims In 
vielv of the following remarks. 

1 1 item 6 of the Office Action, claims 1 , 6, 9. 13. 16, and 21 have been rejected 
un|er 35 U.S.C. §1 02(e) as being anticipated by U.S. Patent 6,446.204 issued to Pang 
et iL (h 3reafter "Pang"). Anticipation under §102 "requires the disclosure in a single 
prii »r art reference of each element of the claim under constnjctlon. W.L. Gore & 
As ;ocia tes. Inc. v. Gartock, Inc. . 220 U.S.P.Q. 303, 313 (Fed. Cir. 1983). Forthe 



re^on^l that follow Applicant asserts that the rejection of claims 1 , 6, 9, 13, 16, and 21 

as bein| anticipated by Pang is improper Accordingly. Applicant requests that the 

rejection of these claims be withdrawn. 

"ijo begin, claim 1 as previously amended recites as follows: 

1 . A system for authentication, comprising: 

a processor circuit having a processor and a memory; 
an authentication system stored in the memory and 
e|<ecutable by the processor, the authentication system comprising: 
a plurality of authentication agents, each of the 
authentication agents authenticating at least one user 
parameter by performing at least one authentication task; and 
an authentication manager that requests each of 
the authentication agents to authenticate an unauthenticated 
user parameter until all of the authentication agents have been 
requested to authenticate the unauthenticated user parameter 
and the authenticated user parameter is authenticated by at 
least one of the authentication agents, unless one of the 
authentication agents fails to authenticate the unauthenticated 
user parameter. 

As set forth in claim 1 above, the authentication manager requests each of the 
authenti nation agents to authenticate an unauthenticated user parameter until all of the 
aut lent! nation agents have been requested to authenticate the authentication 
par|me|er and the authenticated user parameter is authenticated by at least one of the 
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au heni cation agents. Such is the case unless one of the authentication agents fails to 
au hent cate the unauthenticated user parameter. 

( Jiven that each of the authentication agents is requested to authenticate tlw 
un luthe ntlcated parameter, darm 1 thus specifies that all of the authentication agents 
ar€ reqi lested to authenticate the same unauthenticated user parameter. This is the 
caJie even If the authentication agents may be configured to authenticate parameters of 
a c ifferc nt type than the unauthenticated user parameter, where some of the 
au lent cation agents do not operate to authenticate various types of authentication 
pai ame ers that they may be requested to authenticate. 

1 his fact facilitates the extensibility of the design of the authentication system 
ac< lording to the present invention. In particular, authentication agents can receive a 
rec jest to authenticate a user parameter that they are not configured to authenticate. 
In : uch situations, the authentication agents simply transmit a "valid" reply back to the 
aul lent cation manager and the authentication manager will not know that the 
aul lent cation agent was not actually configured to authenticate the type of parameter it 
wa J ash ed to do. In this respect, authentication agents may more easily be added to 
auth entication system without worrying about trying to map given types of 



aul lent] 



au< lenti cation parameters to be sent to specific ones of the authentication agents for 



cation. 



li \ contrast. Pang describes in the process of FIG. 7A and 7B the authentication 
of i|divii fual user parameters by sending specific parameters to specific authentication 
ag( nts t lat are configured to authenticate those given parameters. In other words, no 
on^ autl ientication parameter is supplied to all of the authentication agents ("Provider") 
of J 'ang Specifically, the provider 606 receives the name of a given individual as an 
aut lenti matron parameter to authenticate, and the provider 608 is given an IP address to 
aut lenti :ate. It is not the case, for example, that the IP address is given to both the 
provider 5 606 and 608, 

T lus, the Providers must be statically linked to the authentication manager 
sofjWar€ of Pang in order to route the proper types of authentication parameters to the 
cor esp( nding ones of the authentication agents. In contrast, to add new types of user 
par^melj^rs for authentication according to the claimed embodiments of the present 
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in>^ntic n, agents may simply be added to the system without regard for trying to map 

ic lif iks between the agents and the manager. 

1 herefore, Applicants assert that Pang fails to show or suggest each of the 

s of claim 1 as previously amended. Also, Applicants assert that Pang fails to 

suggest each of the elements of claims 9 and 16, to the extent that these 

ms ijhcorporate subject matter similar in scope with that of claim 1 . Accordingly, 

Aptolica Its request that the rejection of claims 1, 9. and 16 be withdrawn. In addition, 

Ap|}liGa|its request that the rejection of claims 6, 13, and 21 be withdrawn as depending 

ims 1 , 9, or 1 6, respectively. 

I|ext, in item 7 of the Office Action, claims 2, 7-8, 14-15, 17, and 22-23 have 

ected under 35 U.S.C. §1 03(a) as being unpatentable over Pang, A prima facie 

obviousness is established only when the prior art teaches or suggests all of the 

sof the claims. MPEP 52143.03, In re Riickaert . 9 F.3d 1531,28 U,SP.Q.2d 

56 (Fed. Cir. 1993). For the reasons that follow. Applicants assert that the 

rejfictioil of claims 2. 7-8, 14-15, 17, 22-23 are improper. Accordingly, Applicants 

recjjuest that the rejection of these claims be withdrawn. 

1 o begin, claim 2 as previously amended states as follows; 

2, The system of claim 1 , wherein the authentication 
n manager waits for a response from each of the authentication agents, 
each response indicating whether the unauthenticated user parameter 
h as bean authenticated. 

V/ith respect to claims 2 and 17. the Office Action states In part: 

Tang et al. do not expressly disclose wherein the authentication 
manager waits for a response from each of he authentication agents. 
I- owever. Pang et al. disclose the request may be removed from the 
v\ aiting list and the message may be sent to the browser to indicate 
ti lat the request cannot be processed if the request stayed on the 
v\ aiting list for a predetermined amount of time [If the revised 
b rowser request remains on the waiting list for more than a 
p redetermined amount of time, listener 210 may remove the 
n tquest from the waiting list and send a message to the 
b rowser 202 to indicate that the request could not be processed 
(I nes 60-64| Col. 16)]. Therefore, it would have been obvious to one 
o ■ ordinary skill in the art at the time of invention was made to modify 
P ang et al. to have the predetermined-waiting-time feature 
Ir corporated into the authentication process since one would have 
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teen motivated to increase the efficiency of the application server 
( ine 9. Col. 13 from Pang et ah) by imposing an additional restriction 
c n the authentication response warting time/' (Office Action, pages 
11-12.) 

/ pplicants respectfully disagree with the above assertion. In particular, at 
line s 60-64 of column 16. Pang describes the operation of a web application sen/er and 
th€ proc essing of browser requests. They are not the same as authentication requests 
as pet f(!)rth in claim 2 above. 

In addition, the statement that "it would have been obvious to one of ordinary 
ski in tl \e art at the time the invention was made to modify Pang et al. to have the 
prdtlete -mined warting time feature incorporated into the authentication process since 
on( woi lid have been motivated to Increase the efficiency of the application server by 
Imt osin 3 an additional restriction on the authentication response waiting time" makes 
no 5inc€ In light of the fact a wait does not increase efficiency. In particular, the 
aul lenti nation manager as set forth in claim 2 waits to receive a response from each 
on< of the authentication agents as a given item will not be authenticated until all agents 
ha> e rei ponded to a given request provided to them for a single given parameter If 
any 



one 



of the agents is not configured to authenticate the parameter which is the 
suliect jbf a given request, then such agents simply reply back to the authentication 
ma lage r that the parameter is "valid" or provide some other designation, thereby 
caijsing the manager to believe that the specific parameter was authenticated. 

It is by using this approach that benefits are realized to the extent that additional 
aul|enti nation agents may be added that need not be statically linked to the 
aut lenti nation manager as was described above. The statement that one would have 
bee n mc tlvated to increase the efficiency of the application server by imposing an 
adc Ition; H restriction on the authentication response waiting time makes no since as one 
woi Id n( )t be motivated to increase the response waiting times, rather one would be 
mo ivated to reduce such waiting times for authentication. It just so happens that the 
indi /idu<il authentication agents do not delay the process in authenticating a parameter 
if til sy ai e configured to authenticate a parameter of a given type. Rather, such agents 
Sim )ly n fspond with a "valid" response or other appropriate response. 
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/ accordingly. Applicants assert that the rejection of claim 2 is improper. Also, 

Aplf)lica its assert that the rejection of claim 17 is improper to the extent that claim 17 

Inc ude\ subject matter similar in scope with that of claim 2. Accordingly, Applicant 

re(|uest > that the rejection of claims 2 and 17 be withdrawn. 

l|ext, claim 7 as previously amended provides as follows: 

7. A system for authentication, comprising; 

a processor circuit having a processor and a memory; 
an authentication system stored in the memory and 
^ecutable by the processor, the authentication system comprising: 
a plurality of authentication agents, each of the 
authentication agents authenticating at least one user 
parameter by performing at least one authentication task; 

an authentication manager that requests each of 
the authentication agents to authenticate an unauthenticated 
user parameter; and 

wherein, upon startup, the authentication manager 
is unaware of how many of the authentication agents exist In 
association with the authentication system and the 
authentication manager discovers the authentication agents. 

As set forth above, claim 7 specifies that the authentication manager is unaware 

of low r lany authentication agents exist in association with the authentication system 

up|n sti irtup when the authentication manager discovers the authentication agents. 

Wifi respect to at least this element of claim 7, the Office Action states as follows: 

"Pang et al, do not expressly disclose wherein, upon startup, the 
ajUthentication manager is unaware of how many of the authentication 
a jents exist in association with the authentication system and the 
a jthentication manger discovers the authentication agents. However, 

ang et al. disclose the providers are implemented as dynamically 
III Iked libraries (DLLs) and loaded dynamically at the mntlme only and 
tf e communication of is through the use of Microsoft COM or remote 
ocedure calls (RPC) EProviders are Implemented as dynamically 
ii iked libraries (DLLs). A& such, the providers are loaded into 
a id execute within the same address space as the authentication 
h|>sts to which they belong (lines 1-4, Col. 20). The providers are 
eferably loaded dynamically at run time (lines 4-5, CoL 20). For 
e cample, the components of web application server 280 may 
a tematlvely communicate with each other using Remote 
P -ocedure Calls (RPC). a UNIX, Microsoft COM (lines 64-67, CoL 
1 '); where dynamically links at the running time only means the 
e (act number of agents are unl^nown prior to the process is 
ri nning]. Therefore, It would have been obvious to one of ordinary 
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5 kill in the art at the time of invention v\^as made to modify that Pang et 
5 1, to have the discovery procedure of the provider specified since one 
vrould be motivated to have a mechanism which allows providers to be 
c ynamically added and removed from the authentication server 
( Ines 22-24, Col. 20 from Pang et al.)- Thus, it would have been 
c bvious to modify Pang et al. to obtain the invention as specified in 
c aim 7." (Office Action, pages 14-15.) 

/ pplicants respectfully disagree. Specifically, operative within the terms 
'dijham cally linked libraries'' is the term "linked". In this respect, the link is a specific 
sta Ic lir k between the various providers included in the library and the given 
aui lent cation host as described by Pang. In particular, a dynamically linked library Is a 
feg ure 5f the Microsoft Windows™ family of operating systems and OS/2 that allows 
exi cuta 3le routines to be stored separately as filed with DLL extensions and to be 
lodaed only when ndoded by a program. A dynamically linked library file has 
ad|ants ges in that it does not consume any memory until it is used, and, because a 
dyr am[(lally linked library is a separate file, a programmer can make conrections or 
im rovenents to only that module without affecting the operation of the calling program 
or 4ny other dynamically linked library. Also, dynamically linked libraries may be reused 
witft oth ?r programs. 

Although a dynamic linked library has advantages as described above, there is 
stillla sfcitic link between the providers of the dynamically linked library and the 
autlienti::ation host. The only difference is that the providers are loaded and executed 
when cglled as opposed to being loaded and executed when the authentication host is 
loaffled i nd executed. Thus, a link must exist between the authentication host and the 
giv|n providers or they could not be called up and executed during mn time. 

nee a static link does exist between the authentication host and the given 
pro^iderfe and stored as a dynamically linked library as set forth in Pang, rt is not the 
cas 3 th£ t Pang shows or suggests that upon start the authentication manager is 
uns A^arc of how many of the authentication agents exist In association with the 
auti lenti jation system and that the authentication manager discovers the authentication 



ag€ Its 



Rather, the static links between the providers and the authentication host of 
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Ps ig ensures that the authentication host can access the providers when needed. In 
thi| res 3ect. the authentication host is aware of the existence of the providers. 

> accordingly, Applicants assert that Pang fails to show or suggest each of the 
:s of claim 7 as it cun^ently stands. In addition, Applicants assert that Pang fails 
or suggest each of the elements of claims 14 and 22 to the extent that they 
subject matter similar In scope with that of claim 7, Accordingly, Applicants 
that the rejection of claim 7, 14. and 22 be withdrawn. In addition. Applicants 
re^jDectjully requests that the rejection of claims 8, 1 5, and 23 be withdrawn as 

ng from claim 7, 14, and 22, respectively, for the reasons described above with 
reffrende to claim 7, 14, and 22. 

Ill item 8 of the Office Action, claims 4-5, 11-12. and 19-20 have been rejected 
un< er 3 5 U.S,C. §1 03(a) as being unpatentable over Pang, and further in view of U,S. 
Pa ent e , 61 5,264 issued to Stote et al. (hereafter "Sfo/fz"). A prima facie case of 
ob> ious less is established only when the prior art teaches or suggests all of the 
ele nenis of the claims. MPEP §2143.03, In re Riickaert . 9 F.3d 1531, 28 U.S.P.Q,2d 
19J 5, 1!)56 (Fed. Cir, 1993). Claims 4, 11, and 19 have been canceled herein, thereby 
ren lerir g this rejection moot with respect to such claims. Applicants assert that the 
cite d co mbination of references fails to show or suggest each of the elements of 
cla Tis £, 12, and 20. Accordingly, Applicants respectfully requests rejection of 
da T)s S, 12. and 20 be withdrawn. To begin, claim 6 as previously amended provides 
as Tpllows: 
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5. A system for authentication, comprising: 

a processor circuit having a processor and a memory; 
an authentication system stored in the memory and 
Executable by the processor, the authentication system comprising: 
a plurality of authentication agents, each of the 
authentication agents authenticating at least one user 
parameter by performing at least one authentication task, 
wherein a parameter type associated with each of the 
authentication agents; and 

an authentication manager that requests each of 
the authentication agents to authenticate an unauthenticated 
user parameter 

wherein each of the authentication agents 
authenticates the unauthenticated user parameter if the 
unauthenticated user parameter is of the parameter type 
associated with the respective authentication agent; and 
wherein: 

each of the authentication agents transmits 
an invalid response to the authentication manager upon 
a failure to authenticate the unauthenticated user 
parameter; 

each of the authentication agents transmits 
a valid response to the authentication manager upon a 
successful authentication of the unauthenticated user 
parameter; and 

each of the authentication agents transmits 
a valid response to the authentication manager If the 
unauthenticated user parameter is of a parameter type 
that is different than the parameter type associated with 
the respective authentication agent. 



ith respect to claim 5, the Office Action states: 



"F^ang et aL do not expressly disclose each of the authentication 

a jents transmits a valid response to the authentication manager If the 

u lauthenticated user parameter is of a parameter type that is different 

than the parameter type associated with the respective authentication 

ai jent However, Stoltz et al. disclose plurality of authentication 

rrodules and each has the option of accepting or declining 

re sponsibility for a request such that it can accept all the request at all 

th e time, part of the time, or not accepting the request at all 

[/ Luthentication modules 240 each have the option of accepting or 

d iclining responsibility for a particular connection. 

A Jthentication modules 240 may base their decision on other 

a^railabte system resources or settings (e.g., from services 230* 

2;t8, external databases, etc.). In one or more embodiments, an 

authentication module 240 can be configured to accept all users 
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2 II of the time, to only accept connections with smart cards, or to 
d nly accept users with pseudo tokens, for example (JInes 57-t65, 
C ol 8); where declining can be due to the reason, such as the 
f eld of authentication is not the right type associated with the 
r ioduie]:' (Office Actton, pages 29-30,) 

/ pplicants respectfully disagree. Specifically, at column 8, lines 57-65. Stoltz 
stales a i follows: 

" Authentication modules 240 each have the option of accepting or 
d sclining responsibility for a particular connection. Authentication 
n^iodules 240 may base their decision on other available system 
n ^sources or settings (e.g., from services 230-238, external databases, 
e :c.). In one or more embodiments, an authentication module 240 can 
b 5 configured to accept all users all of the time, to only accept 
c Dnnections with smart cards, or to only accept users with pseudo 
t( kens, for example." 

T 1US, authentication modules as taught by Stoltz have the option of accepting or 
decflininji responsibility for a particular connection. However, in declining responsibility 
::onn action, the authentication modules of Stoltz do not transmit a "valid" response to 
1 sntication manager. Due to the fact that the agents transmit a "valid" response 
s jch (iircumstances, the authentication manager is of lesser complexity and does not 
hav 3 to leal with a greater number of potential responses from the agents. Also, this 
fea J re f Jrther facilitates the easy addition of new agents to the authentication system 
witfiout creating further static connections with the authentication manager. 

A xordingly, Applicants assert that the rejection of claims 5, 12, and 20 is 
imp(fope|. Accordingly. Applicants request that the rejection of claims 5, 12, and 20 be 



with drav n 



Ir 
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assi irt th 3t 



addition, in item 9 of the Office Action, claims 3, 10. and 18 have been rejected 
und^r 39 U.S.C. §1 03(a) as being unpatentable over Pang as applied to claims i . 9, 

; md further in view of U.S. Patent Publication 2002/0069247 filed by Paknad et 
(jfierejpfler "Paknad\ A prima facie case of obviousness Is established only when 

I teaches or suggests all of the elements of the claims. MPEP §2143.03. in 
iick^, 9 F.3d 1531. 28 U.SP.Q.2d 1955, 1956 (Fed. Cir. 1993). Applicants note 
3, 10. and 18 depend from claims 1, 9, and 16. Accordingly. Applicants 
the cited combination of references fail to show or suggest each of the 

-19- 



PA6E21/22'RCVDAT2/24/2006 9:04:23 AM [Eastern SM^^ 



02/24/2006 10:09 7709510933 



elehents 



de 

ISjbe withdrawn 



CONCLUSION 

Albplicants respectfully request that all outstanding objections and rejections be 

and that this application and all presently pending clainns be allowed to issue. 
Exbminer has any questions or comments regarding this response, the Examiner 
is ej[icou||raged to telephone the undersigned counsel of Appliciants. 

Respectfully submitted, 
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of claims 3, 10, and 18 as depending from claims 1 , 9, and 16 for the reasons 
above. Accordingly, Applicants request that the rejection of claims 3. 10, and 
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